Hi I have implemented same scenario in react/redux app. But it would help you to achieve the goal. You don’t need to check 401 in each API call. Just implement it in your first validation API request. You can use setTimeOut to send refresh token api request before some time of authentication token expiry. So … Read more
There are a lot of misunderstandings about both cookies and refresh tokens and OAuth2. First, it is not true that only confidential clients can use a refresh token. The OAuth2 protocol says that confidential clients must authenticate, but does not require confidential clients. Ergo, client authentication is optional on the refresh operation. See RFC 6749, … Read more
As pointed out in the comments by @Kuba Šimonovský the accepted answer is missing other important factors: Actually, it is much much much more complicated. TL;DR One can infer that the refresh token lifespan will be equal to the smallest value among (SSO Session Idle, Client Session Idle, SSO Session Max, and Client Session Max). … Read more
I was reading an article the other day by Taiseer Joudeh and I find it very useful he said: In my own opinion there are three main benefits to use refresh tokens which they are: Updating access token content: as you know the access tokens are self contained tokens, they contain all the claims (Information) … Read more
Basically, refresh tokens are used to get new access token. To clearly differentiate these two tokens and avoid getting mixed up, here are their functions given in The OAuth 2.0 Authorization Framework: Access tokens are issued to third-party clients by an authorization server with the approval of the resource owner. The client uses the access … Read more
The link to discussion, provided by Catchdave, has another valid point (original, dead link) made by Dick Hardt, which I believe is worth to be mentioned here in addition to what’s been written above: My recollection of refresh tokens was for security and revocation. <…> revocation: if the access token is self contained, authorization can … Read more